Technology, Data and Privacy

Fieldfisher

Fieldfisher's European team of tech, data and privacy lawyers bring you the latest updates from the rapidly evolving world of data privacy, regulation, AI, automation. and robotics. 

  1. Data and Privacy Matters: Legal Updates - May 2026

    Jun 23

    Data and Privacy Matters: Legal Updates - May 2026

    Lorna Cropper, Chloe Abbott and Sandra Ofili round up key data and privacy developments from May 2026. They begin by highlighting a significant milestone: May marked ten years since the GDPR came into force and the two-year countdown to applicability started. The team reflects on the GDPR’s lasting influence on data protection legislation across the EU and beyond. Continuing with European developments, the team discuss the European Parliament and Council's provisional political agreement on the Digital Omnibus reforms to the AI Act, as well as the European Commission's publication of draft, non‑binding guidelines on the classification of high-risk AI systems.  The focus then shifts to the UK, where the team outlines key legal updates, including the deadline to inform individuals of their right to make a data protection complaint and to implement an appropriate complaints procedure. To support organisations in updating their policies and procedures, the team has prepared a practical one-page guide, available here. Children’s online safety also remains a key priority this month. The team discusses the ICO’s statement on age assurance, Ofcom’s update following tech firms’ responses to its call for action to protect children, and the close of the UK Government’s consultation on children’s digital wellbeing. The podcast concludes with recent enforcement developments, including the ICO’s decision to fine South Staffordshire Plc and South Staffordshire Water Plc following a major cyber incident, and the Irish Data Protection Commission’s formal inquiry into SHEIN’s Irish entity concerning the transfer of EU/EEA personal data to China.

    11 min
  2. Data and Privacy Matters: Legal Updates - March 2026

    Apr 21

    Data and Privacy Matters: Legal Updates - March 2026

    In the March edition of Data & Privacy Matters, the Fieldfisher Tech and Data team round up key UK and EU developments across data protection, online safety, cybersecurity, and digital regulation.  They begin with the ICO’s draft updated guidance on automated decision‑making and profiling, published following the Data Use and Access Act 2025. The guidance clarifies when automated decision‑making rules apply, what meaningful human involvement looks like, and signals a shift towards a more permissive “right to challenge” model. Staying with the ICO, they discuss updated purpose limitation guidance, which tightens expectations around compatibility assessments and record‑keeping where personal data is reused, particularly where consent was the original lawful basis. Children’s online safety remains a major focus this month. The team cover the joint ICO and Ofcom statement on age assurance under the Online Safety Act, alongside potential European Commission enforcement under the Digital Services Act, reflecting increased regulatory scrutiny of age assurance, default settings and systemic risk. European developments continue with draft guidance on the Cyber Resilience Act, clarification on software scope, and the closure of the Digital Fitness Check consultation under the Commission’s Digital Omnibus initiative. They conclude with enforcement and litigation updates, including the CJEU’s Brillen Rottler ruling on abusive DSARs and a cyber incident at UK Companies House. Find the sources here.

    25 min
  3. Data and Privacy Matters: Legal Updates - January 2026

    Feb 19

    Data and Privacy Matters: Legal Updates - January 2026

    The episode starts with a discussion of the EDPB's consultation regarding the Processor Binding Corporate Rules (BCR-Ps). The consultation seeks feedback on the EDPB's draft recommendations on the BCR-Ps which include standardisation measures and various clarifications and explanations, alongside discussion on the scope of the BCR-Ps. The team then speaks about recent developments in online safety for children. As discussed last episode, it truly does seem to be the year of the child when it comes to international data protection.  First, the podcast discusses the Global Online Safety Regulators Network's joint statement on shared principles for the adoption of age-assurance technologies. The UK government's consultation into children's access to social media is also explored, and finally the podcast reviews the EU push for age-based restrictions to social media. The podcast then summarises news from the UK. The episode looks at the ICO's new powers and the new criminal offences under the Data (Use and Access) Act 2025. Recent investigations are then discussed, with a focus on Grok and Meta who are under scrutiny from the ICO and Ofcom. Before moving on to the EU, the team also touch on various structural developments to the ICO and Ofcom, with a formal cooperation agreement established between Ofcom and the Internet Watch Foundation, and updated ICO guidance published on Rights of Access and International Data Transfers. On the EU front there was a range of matters requiring the podcast's attention this month. The diverse topics explored include the EU-Brazil adequacy decision, the Irish X Internet Unlimited Company litigation, an EU Digital Omnibus update, negotiations regarding the detection of online CSAM and new Regulation (EU) 2025/2518. The episode is wrapped up with mentions of significant fines and enforcements, including various French CNIL fines ranging from €3.5 million to €27 million and the European Commission's preliminary findings that TikTok is in breach of the Digital Services Act (although we note a final decision has not yet been reached). With the volume of continuous developments in the data and privacy ecosystem, it can be hard to stay on top of the key news stories. This is a must-listen podcast to catch up on notable data and privacy news in the past month and consider what your business or organisation needs to be doing in response. Find the source of news discussed here.

    26 min
  4. Data and Privacy Matters: Legal updates - October 2025

    11/14/2025

    Data and Privacy Matters: Legal updates - October 2025

    In the latest episode of Fieldfisher’s Data and Privacy Matters podcast, hosts Lorna Cropper, Emma Yaltaghian and Sophie Gosling provide a comprehensive roundup of the key legal developments from October 2025.  The team start by discussing the Irish DPC’s €530 million fine against TikTok, with the regulator finding that TikTok had not applied appropriate safeguards when transferring data to China and had fallen short on its transparency obligations. The team also reviewed the EDPB’s opinion on the UK’s adequacy decision, which welcomed continued alignment with EU standards but raised concerns over new ministerial powers introduced under the Data (Use and Access) Act.  They continue with coverage of the ICO’s successful appeal against Clearview AI, confirming that the regulator can take enforcement action against overseas organisations processing UK residents' data - even if they are third party controllers and do not engage in such monitoring themselves. The ICO’s ongoing consultations were also discussed, including new guidance on enforcement and the upcoming charitable purpose soft opt-in for direct marketing. The team reflects on the high-profile case of former MasterChef host Gregg Wallace, who brought legal action against the BBC for delayed responses to his data subject access requests, highlighting the operational and reputational risks of mishandled DSARs. Finally, the team discusses several major enforcement actions. Capita was fined £14 million following its 2023 ransomware attack, Grindr’s €6.5 million penalty for unlawful data sharing was upheld in Norway, and the Dutch DPA fined Experian €2.7 million for unlawful credit profiling.

    25 min

About

Fieldfisher's European team of tech, data and privacy lawyers bring you the latest updates from the rapidly evolving world of data privacy, regulation, AI, automation. and robotics. 

You Might Also Like